Q&A: Can machine learning help stop email phishing?

We speak to Eyal Benishti, CEO of Ironscales, about using machine learning to combat phishing.

Phishing is the default way into organisations for many attackers. Crunching data through machine learning is now the go to method to solve many IT problems. Eyal Benishti, CEO of Israeli security startup Ironscales, explains how he uses machine learning to help counteract phishing in this short Q&A.

How does Ironscales combine human intelligence with machine learning to combat phishing?

Ironscales uses machine learning to continuously learn based on user behaviour analysis at the mailbox-level. We then arm the users with relevant information using visual aids inside their email client that they can use to make decisions about the emails they’re receiving, such as insights about the sender and their reputation and a report button so that they can flag any suspicious emails. Any emails that are reported as suspicious are automatically sent to the security team and, in parallel, instantly fed back into the machine learning back end, so that it can keep getting smarter in predicting and preventing sophisticated phishing emails as well as filtering out false positives. That combined approach enables companies to proactively protect themselves more effectively, automatically and in real time, from targeted phishing emails.

Is this similar to the work of other security firms (like Darktrace and Cylance) that use machine learning and targeted alerts to combat threats?

The only similarities are the machine learning capabilities and that Ironscales does not use signatures to try and prevent phishing attacks. Ironscales’s approach uses humans and machine learning technology to create a constant feedback loop that enables the technology to get smarter over time and it’s specifically engineered to stop zero-day phishing attacks that bypass legacy solutions that rely on signatures.

Can this help counteract the recent rise of homograph attacks?

To continue reading this article register now

22 cybersecurity myths organizations need to stop believing in 2022